Posted to dev@tomcat.apache.org by ma...@apache.org on 2023/06/07 08:50:15 UTC
[tomcat] branch main updated: Fix symlink edge case
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 9390a1e936 Fix symlink edge case
9390a1e936 is described below
commit 9390a1e936dad4b4c29946e808fc9e9b7c53d1f7
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Jun 7 09:49:49 2023 +0100
Fix symlink edge case
---
.../apache/catalina/webresources/AbstractFileResourceSet.java | 5 +++++
webapps/docs/changelog.xml | 9 +++++++++
2 files changed, 14 insertions(+)
diff --git a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
index e910e65118..019bb908f4 100644
--- a/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
+++ b/java/org/apache/catalina/webresources/AbstractFileResourceSet.java
@@ -117,6 +117,11 @@ public abstract class AbstractFileResourceSet extends AbstractResourceSet {
absPath = absPath.substring(absoluteBase.length());
canPath = canPath.substring(canonicalBase.length());
+ // The remaining request path must start with '/' if it has non-zero length
+ if (canPath.length() > 0 && canPath.charAt(0) != '/') {
+ return null;
+ }
+
// Case sensitivity check
// The normalized requested path should be an exact match the equivalent
// canonical path. If it is not, possible reasons include:
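Review bot: The new guard compares the first remaining character of canPath against a literal '/', but canPath appears to be a canonical path stripped of canonicalBase, and if it comes from File.getCanonicalPath() (derived outside this hunk) it will use the platform separator, so on Windows every non-empty remainder would start with '\\' and be rejected. If that is the case the comparison should be `if (canPath.length() > 0 && canPath.charAt(0) != File.separatorChar) {`, or both sides should be normalized to '/' before the check, as the comment above the substring calls suggests absPath already is. absPath gets the same prefix stripping on the line above without an equivalent check; if its derivation does not guarantee a trailing separator boundary it deserves the same guard. Since this closes a traversal-style edge case with allowLinking set to false, a regression test with a sibling directory sharing the base name as a prefix (e.g. base `/x/app` and a target under `/x/app2`) would pin the behaviour. The enclosing method starts and ends outside the hunk.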
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 13aa77effd..4e55d004f0 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -105,6 +105,15 @@
issues do not "pop up" wrt. others).
-->
<section name="Tomcat 11.0.0-M8 (markt)" rtext="in development">
+ <subsection name="Catalina">
+ <changelog>
+ <fix>
+ Fix an edge case where intra-web application symlinks would be followed
+ if the web applications were deliberately crafted to allow it even when
+ <code>allowLinking</code> was set to <code>false</code>. (markt)
+ </fix>
+ </changelog>
+ </subsection>
</section>
<section name="Tomcat 11.0.0-M7 (markt)" rtext="release in progress">
<subsection name="General">